Data protection officer
- Name: Nataša von Kopp
- Address: Karl-Marx-Allee 84, 10263 Berlin, Germany
- Email: firstname.lastname@example.org
Basic information on data processing and legal bases
We refer the terms used, such as “personal data” or their “processing”, to the definitions in Art. 4 of the Data Protection Basic Regulation (DSGVO).
The personal user data processed within the scope of this online offer include inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of administrators, payment information), usage data (e.g., websites visited on our online offer) and content data (e.g., entries in the contact form).
The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as “user”, are to be understood gender-neutrally.
We process users’ personal data only in compliance with the relevant data protection regulations. This means that the data of the users will only be processed if there is a legal permission. This means, in particular, that if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or is required by law, a consent of the users, as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online services within the meaning of Art. 6 Para. 1 lit. f. of the German Data Protection Act). DSGVO, in particular for range measurement as well as the collection of access data and the use of third-party services.
We point out that the legal basis of the consents Art. 6 Para. 1 lit. a. and Art. 7 DSGVO, the legal basis for the processing to fulfill our services and implementation of contractual measures Art. 6 Para. 1 lit. b., the legal basis for the processing to fulfill our services and implementation of contractual measures Art. 6 Para. 1 lit. b. and Art. 7 DSGVO are not applicable. DSGVO, the legal basis for processing to fulfil our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to safeguard our legitimate interests Art. 6 para. 1 lit. f. DSGVO.
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server.
Disclosure of data to third parties and third-party providers
Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary for contractual purposes, e.g. on the basis of Art. 6 Para. 1 lit. b) DSGVO or on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f) DSGVO. DSGVO in the economic and effective operation of our business.
If we use subcontractors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
If content, tools or other means from other providers (hereinafter jointly referred to as “third party providers”) are used within the scope of this data protection declaration and their registered office is located in a third country, it is to be assumed that a data transfer to the registered office states of the third party providers takes place. Third countries are countries in which the DSGVO is not a directly applicable law, i.e. basically countries outside the EU or the European Economic Area. Data is transferred to third countries either if there is an appropriate level of data protection, user consent or other legal permission.
When contacting me (via contact form or e-mail), the user’s details will be processed in order to process the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) DSGVO.
Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f., we collect DSGVO data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to clarify abuse or fraud) for a maximum period of 28 days and then deleted. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.
Cookies are pieces of information that are transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online service and log out or close your browser, for example.
If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at <a href=”https://devowl.io/rcb/data-processing/” rel=”noreferrer” target=”_blank”>https://devowl.io/rcb/data-processing/</a>.
The legal basis for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
Integration of third-party services and content
Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Civil Code). DSGVO) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online offering, as well as may be linked to such information from other sources.
Rights of users
Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.
In addition, users have the right to correct inaccurate data, limit the processing and delete their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to lodge a complaint with the competent supervisory authority.
Users can also revoke their consent, in principle with effect for the future.
Deletion of data
The data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the user’s data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax reasons.
According to legal requirements, the data is stored for 6 years in accordance with § 257 Para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with § 147 Para. 1 AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
Right of objection
Users may at any time object to the future processing of their personal data in accordance with the statutory provisions. The objection can be made in particular against the processing for purposes of direct marketing.
Changes to the data protection declaration
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies to declarations on data processing. If the user’s consent is required or if elements of the data protection declaration contain provisions governing the contractual relationship with the user, the changes will only be made with the user’s consent.
As of: March 2020